Yep this has already been discussed. CMF block api calls from BO so if POCs are only used to demonstrate Buffer Overflows there would be no way to block those.
Anyway any malicious code needs to call some API to accomplish something so real exploits will be catched by SMF.
It would be interesting to run Comodo BO tester 3rd test against BufferShield. It should fail.
Also CMF should protect your PC if some malware disable widows enforced hardware DEP.
I looked at that thread and found out Prevented Exploits | BufferShield CFM is not mentioned I guess that someone could ask them to include it in their tested products list ;D
I’m a bit confused here… so does CMF actually prevent BO’s from occurring, or does it just limit what the BO can do?
From what you said, it looks like the latter?
IIRC BO cannot be prevented. BO can be detected and the offending proces killed. That’s what CMF will do. If a BO is exploited then an API will be called.
How does CMF compare, in term of security, to Buffershield?
From the link in your test, how many “green hook” could CMF have/had and against wich of this exploit does CMF doesn’t protect us?
I cannot test those exploit myself :o as those are only link to advisories that give exploit specifics. I guess that is up to BS developers to add CFM and Microsoft HW DEP too.
From a thecnical standpoint. CMF catch some exploits that could be catched by MS HW dep and also some exploit that ms HW dep doesn’t catch.
DS developers tested only MS software dep (that is MS not hardware supported DEP used on old CPUs).
As it turns out MS enforced dep could be disabled in some cases so CMF will provide protection in such scenarios too.
Well, I hope BS developper will add CMF to there tests…
As for me, I have tried CMF but after two BSOD causes by the addition of CMF, I remove it from my system
I hope Comodo will solved the BSOD issue soon…
I have windows XP with SP2, Nod32 2.70.39, Comodo Boclean and Prosecurity 1.41 and Rollback Rx 8.1 and when BSOD happens I had Utorrent downloading in background, Mailwasher pro 6.1 in the tray bar, and I was navigating with Firefox on comodo website (both times) and listening music with Winamp 5.50…
Well. Buffershield didn´t pass the Comodo BO Tester… (:TNG)
Reason: Out-Dated post.